feat: add invalid event name to error message

NodeBB · Feb 8, 2021 · 670cde7 · 670cde7
1 parent cc9d6fd
commit 670cde7
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/public/language/en-GB/error.json b/public/language/en-GB/error.json
@@ -25,6 +25,7 @@
 	"invalid-username-or-password": "Please specify both a username and password",
 	"invalid-search-term": "Invalid search term",
 	"invalid-url": "Invalid URL",
+	"invalid-event": "Invalid event: %1",
 	"local-login-disabled": "Local login system has been disabled for non-privileged accounts.",
 	"csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again",
 

diff --git a/src/socket.io/index.js b/src/socket.io/index.js
@@ -4,6 +4,7 @@ const os = require('os');
 const nconf = require('nconf');
 const winston = require('winston');
 const util = require('util');
+const validator = require('validator');
 const cookieParser = require('cookie-parser')(nconf.get('secret'));
 
 const db = require('../database');
@@ -125,7 +126,8 @@ async function onMessage(socket, payload) {
 		if (process.env.NODE_ENV === 'development') {
 			winston.warn(`[socket.io] Unrecognized message: ${eventName}`);
 		}
-		return callback({ message: '[[error:invalid-event]]' });
+		const escapedName = validator.escape(String(eventName));
+		return callback({ message: `[[error:invalid-event, ${escapedName}]]` });
 	}
 
 	socket.previousEvents = socket.previousEvents || [];

diff --git a/test/socket.io.js b/test/socket.io.js
@@ -87,7 +87,7 @@ describe('socket.io', () => {
 	it('should return error for unknown event', (done) => {
 		io.emit('unknown.event', (err) => {
 			assert(err);
-			assert.equal(err.message, '[[error:invalid-event]]');
+			assert.equal(err.message, '[[error:invalid-event, unknown.event]]');
 			done();
 		});
 	});